DIR-879 Firmware Release Notes
Firmware: 1.10b05
Hardware: Rev. Ax
Release Date: 2018/2/03
Note:
1. The firmware version is advanced to v1.10
2. The firmware v1.10 must be upgraded from the transitional version of firmware v1.04 (transitional version).
Problems Resolved:
1. Update wpa2 security patch
2. Support EU VLAN @ EU country code
3. Support VLAN profile @ SG country code
4. Upgrade dnsmasq to 2.78
Enhancements
1. Support D-Link Wi-Fi APP (QRS mobile won't be supported from firmware version v1.10 or later version).
2. Support image with encryption.
---------------------
Firmware: 1.06b01-07
Hardware: Rev.A1
Release Date: 2018/01/04
Note:
This release is to patch the WPA2 Key Reinstallation Attack (KRACK) Security Vulnerabilities affecting this product.
Problems Resolved:
A WPA2 wireless protocol vulnerability was reported to CERT//CC and public disclosed
as: VU#228519 - Wi-Fi Protected Access II (WPA2) handshake traffic can be
manipulated to induce nonce and session key reuse.
The following CVE IDs have been assigned to VU#228519. These vulnerabilities in the WPA2 protocol:
· CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
· CVE-2017-13078: reinstallation of the group key in the Four-way handshake
· CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
· CVE-2017-13080: reinstallation of the group key in the Group Key handshake
· CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
· CVE-2017-13082: accepting a retransmitted Fast BSS Transition Re-association
Request and reinstalling the pairwise key while processing it
· CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
· CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
· CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
· CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response
frame
This patch also included fixes for DNSmasq vulnerability:
· CVE-2017-14491 � Remote code execution in the DNS subsystem that can be
exploited from the other side of the internet against public-facing systems and
against stuff on the local network. The previously latest version had a two-byte
overflow bug, which could be leveraged, and all prior builds had an unlimited
overflow.
· CVE-2017-14492 � The second remote code execution flaw works via a heap-
based overflow.
· CVE-2017-14493 � Google labels this one as trivial to exploit. It's a stack-based
buffer overflow vulnerability that enables remote code execution if it's used in
conjunction with the flaw below.
· CVE-2017-14494 � This is an information leak in DHCP which, when using in
conjunction with CVE-2017-14493, lets an attacker bypass the security
mechanism ASLR and attempt to run code on a target system.
· CVE-2017-14495 � A limited flaw this one, but can be exploited to launch a
denial of service attack by exhausting memory. Dnsmasq is only vulnerable,
however, if the command line switches --add-mac, --add-cpe-id or --add-subnet
are used.
· CVE-2017-14496 � Here the DNS code performs invalid boundary checks,
allowing a system to be crashed using an integer underflow leading to a huge
memcpy() call. Android systems are affected if the attacker is local or tethered
directly to the device.
· CVE-2017-13704 � A large DNS query can crash the software
---------------------
Firmware: 1.05b01
Hardware: Rev.A1
Release Date: 2017/02/06
Problems Resolved:
1. Fix setup GUI is not reachable.
Enhancements:
None
---------------------
Firmware: 1.04b01_01
Hardware: Rev.A1
Release Date: 2016/11/25
Problems Resolved:
1. Fix HNAP Service Stack-Based Buffer Overflow Vulnerability
CWE-121 CVE-2016-6563 VU#677427
http://www.kb.cert.org/vuls/id/677427
Enhancements:
None
---------------------
Firmware: 1.04b02_g7m9
Hardware: Rev.A1
Release Date: 2016/07/22
Problems Resolved:
1. Fixed send log as email.
Enhancements:
None
---------------------
Firmware: 1.03WWb01
Hardware: Rev.A1
Release Date: 2016/5/17
Problems Resolved:
1. Fixed the GUI display issue that sometimes "Click to repair" doesn't show up in home page.
2. Fixed the issue that Manual MTU setting doesn't in Static IP extender mode.
3. Fixed the incorrect description in GUI page.
4. Fixed the incorrect translation in GUI page while in extender mode.
5. Fixed the issue that WMM is set to disabled after the wizard installation of DIR-879.
6. Fixed the issue of Port Forwarding that sometimes disabling some rules causes other rules to be enabled
automatically.
7. Fixed the issue that in RU domain code, after resetting DIR-879, sometimes wired/wireless clients may not access
to INTERNET unless DIR-879 is rebooted manually.
8. Fixed the reported security issue.
9. Fixed the issue that WPS is performed in extender mode, all downlink wired or wireless clients will disconnect
from DIR-879 and DIR-879 also disconnects from uplink router.
10. Fixed the issue that when home user selects Deutsch in language list in login page, UI description still display in
English after log in DIR-879.
11. Fixed the issue that when home user set the IPv6 DNS setting manually, DIR-879, wired and wireless clients can't
get IPv6 address.
12. Fixed the LED behavior of DIR-879 in wireless extender mode:
[Bug]LED displays in solid white and the connection status in main page shows connected after DIR-879
disconnects from uplink router.
[Bug]After the timeout of WPS phase in downlink clients, LED still blinks in white.
[Bug]If home user changes the wireless band with uplink router, then LED cannot change to solid white.
[Bug]When the cable is detached from INTERNET port in DHCP mode, LED sometimes doesn't turn into
orange.
[Bug]When the cable is detached from INTERNET port and connected again in Static IP, LED will remains in
solid orange.
[Bug]In Static IP mode, LED turns into solid orange after home user changing and saving the IP setting of
DIR879 on GUI page.
13. Fixed the LED behavior in router mode:
After the timeout of WPS phase in downlink clients, LED doesn't turn into solid orange.
Enhancements:
1. Improved 2.4G wireless throughput.
2. Added wireless extender mode.
Known issues:
1. Send log as email not working. Will be fixed soon.
DIR-878 Firmware Release Notes
Firmware: FW111
Hardware: Rev. Ax
Release Date: 2018/8/01
Note:
Problems Resolved:
1. Improved IOT for game console
2. Fix the bug:with internet settings when set DHCP/Static connect type, Set MTU with manual, it can't
apply.
3. Fix the bug: losing connecting with the specific modem daily
4. Improved user experience for D-Link Wi-Fi APP
Enhancements
1. Support D-Link Wi-Fi APP
(QRS mobile won't be supported from firmware version v1.10 or later version)
Firmware: 1.20b05neo
Hardware: Rev. Ax
Release Date: 2019/08/14
Problems Resolved:
1. Fix User setup.
----------
Firmware: 1.20b05
Hardware: Rev. Ax
Release Date: 2019/05/16
Problems Resolved:
1. Enhanced good user experience for D-Link Wi-Fi APP.
Enhancements
1. Support D-Link Wi-Fi APP (QRS mobile won't be supported from firmware version v1.10 or later version).
----------
Firmware: 1.20b03
Hardware: Rev. Ax
Release Date: 2019/02/15
Problems Resolved:
1. Fix Remote Management access over IPv6 internet connection.
2. Fix "Generic Router DNS Cache Poisoning Caused by Infrastructure Protocol Vulnerabilities" from GeekPwn 2018 contest.Firmware: 1.21b01
Hardware: Rev. Ax
Release Date: 2019/09/29
Problems Resolved:
1. Compatible to actual D-Link Wi-Fi app for PPPoE setup with VLAN-ID.
----------
DIR-878 Rev.A Firmware Release Notes
Firmware: 1.30b03
Hardware: Rev. Ax
Release Date: 2019/12/14
Problems Resolved:
1. ZDI-CAN-9470 - Authentication Bypass.
2. ZDI-CAN-9471 - strncmp function weakness leads to unauthenticated user ability tochange admin password.
(CVE-2020-8863 Authentication Bypass & CVE-2020-8864 Unauthenticated Bypass)
Enhancements:
1. Support WPA3-SAE.
On January 12, 2021, a 3rd party security researcher submitted a report accusing the DIR-878 using firmware v1.30B08 of a LAN-side unauthenticated stack-based buffer overflow vulnerability The Vulnerability was confirmed and a patch was issued too close the reported issue. Please find the beta/hotfix release below.
3rd Party Report information
- Report provided: pwang :: 18222325265 _at_ 163 _dot_ com
- Reference :
CVE-2021-30072 : https://nvd.nist.gov/vuln/detail/CVE-2021-30072
The issue was discovered on DLINK DIR-878 1.30B08. The firmware has a strcat is misused, which can be exploited to a stack-based buffer overflow vulnerability that does not require authentication.The vulnerability was in file prog.cgi, main function. Sending a malicous request to the target device from the LAN-side can cause the prog.cgi process to crash, resulting the device to malfunction.
DIR-878 Rev.A Firmware Release Notes
Firmware: 1.30b08security04
Hardware: Rev. Ax
Release Date: 2022/10/12
Problems Resolved:
1. Addressed the HNAP command injection security issue
----------
Firmware: 1.30b08security
Hardware: Rev. Ax
Release Date: 2022/03/29
Problems Resolved:
1. Fix WPA3 issue with iOS.
2. Fix security: Authenticated Command Injection.
3. Fix security: Multiple Command Injection.
4. Fix security: Command Injection report by CNVD.
5. Fix security: IPV6 service ports open.
6. Fix security: Remote code execution vulnerability.
7. Fix security: ZDI-CAN-13796: lighttpd Stack-based Buffer Overflow Remote Code Execution Vulnerability.
8. Fix security: Buffer Overflow & Command Injection.
----------
Firmware: 1.30b03
Hardware: Rev. Ax
Release Date: 2019/12/14
Problems Resolved:
1. ZDI-CAN-9470 - Authentication Bypass.
2. ZDI-CAN-9471 - strncmp function weakness leads to unauthenticated user ability tochange admin password.
(CVE-2020-8863 Authentication Bypass & CVE-2020-8864 Unauthenticated Bypass)
Enhancements:
1. Support WPA3-SAE.
----------
Firmware: 1.21b01
Hardware: Rev. Ax
Release Date: 2019/09/29
Problems Resolved:
1. Compatible to actual D-Link Wi-Fi app for PPPoE setup with VLAN-ID.
----------
Firmware: 1.20b05neo
Hardware: Rev. Ax
Release Date: 2019/08/14
Problems Resolved:
1. Fix User setup.
----------
Firmware: 1.20b05
Hardware: Rev. Ax
Release Date: 2019/05/16
Problems Resolved:
1. Enhanced good user experience for D-Link Wi-Fi APP.
Enhancements:
1. Support D-Link Wi-Fi APP (QRS mobile won't be supported from firmware version v1.10 or later version).
----------
Firmware: 1.20b03
Hardware: Rev. Ax
Release Date: 2019/02/15
Problems Resolved:
1. Fix Remote Management access over IPv6 internet connection.
2. Fix "Generic Router DNS Cache Poisoning Caused by Infrastructure Protocol Vulnerabilities" from GeekPwn 2018 contest.
----------
Firmware: 1.12b01
Hardware: Rev. Ax
Release Date: 2018/08/14
Problems Resolved:
1. Added back AutoZoning support for AU CountryCode.
Enhancements
1. Support D-Link Wi-Fi APP (QRS mobile won't be supported from firmware version v1.10 or later version)
----------
Firmware: 1.11b02
Hardware: Rev. Ax
Release Date: 2018/07/09
Problems Resolved:
1. Improved IOT for game console.
2. Fix the bug:with internet settings when set DHCP/Static connect type, Set MTU with manual, it can't apply.
3. Fix the bug: losing connecting with the specific modem daily.
4. Improved user experience for D-Link Wi-Fi APP.
Enhancements
1. Support D-Link Wi-Fi APP
(QRS mobile won't be supported from firmware version v1.10 or later version)
----------
Firmware: 1.10b05
Hardware: Rev. Ax
Release Date: 2018/2/03
Note:
1. The firmware version is advanced to v1.10
2. The firmware v1.10 must be upgraded from the transitional version of firmware v1.04 (transitional version).
Problems Resolved:
1. Update wpa2 security patch
2. Support EU VLAN @ EU country code
3. Support VLAN profile @ SG country code
4. Upgrade dnsmasq to 2.78
Enhancements
1. Support D-Link Wi-Fi APP (QRS mobile won't be supported from firmware version v1.10 or later version).
2. Support image with encryption.
----------
Firmware: 1.06b01-07
Hardware: Rev.A1
Release Date: 2018/01/04
Note:
This release is to patch the WPA2 Key Reinstallation Attack (KRACK) Security Vulnerabilities affecting this product.
Problems Resolved:
A WPA2 wireless protocol vulnerability was reported to CERT//CC and public disclosed
as: VU#228519 - Wi-Fi Protected Access II (WPA2) handshake traffic can be
manipulated to induce nonce and session key reuse.
The following CVE IDs have been assigned to VU#228519. These vulnerabilities in the WPA2 protocol:
· CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
· CVE-2017-13078: reinstallation of the group key in the Four-way handshake
· CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
· CVE-2017-13080: reinstallation of the group key in the Group Key handshake
· CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
· CVE-2017-13082: accepting a retransmitted Fast BSS Transition Re-association
Request and reinstalling the pairwise key while processing it
· CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
· CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
· CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
· CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response
frame
This patch also included fixes for DNSmasq vulnerability:
· CVE-2017-14491 � Remote code execution in the DNS subsystem that can be
exploited from the other side of the internet against public-facing systems and
against stuff on the local network. The previously latest version had a two-byte
overflow bug, which could be leveraged, and all prior builds had an unlimited
overflow.
· CVE-2017-14492 � The second remote code execution flaw works via a heap-
based overflow.
· CVE-2017-14493 � Google labels this one as trivial to exploit. It's a stack-based
buffer overflow vulnerability that enables remote code execution if it's used in
conjunction with the flaw below.
· CVE-2017-14494 � This is an information leak in DHCP which, when using in
conjunction with CVE-2017-14493, lets an attacker bypass the security
mechanism ASLR and attempt to run code on a target system.
· CVE-2017-14495 � A limited flaw this one, but can be exploited to launch a
denial of service attack by exhausting memory. Dnsmasq is only vulnerable,
however, if the command line switches --add-mac, --add-cpe-id or --add-subnet
are used.
· CVE-2017-14496 � Here the DNS code performs invalid boundary checks,
allowing a system to be crashed using an integer underflow leading to a huge
memcpy() call. Android systems are affected if the attacker is local or tethered
directly to the device.
· CVE-2017-13704 � A large DNS query can crash the software
----------
Firmware: 1.05b01
Hardware: Rev.A1
Release Date: 2017/02/06
Problems Resolved:
1. Fix setup GUI is not reachable.
Enhancements:
None
----------
Firmware: 1.04b01_01
Hardware: Rev.A1
Release Date: 2016/11/25
Problems Resolved:
1. Fix HNAP Service Stack-Based Buffer Overflow Vulnerability
CWE-121 CVE-2016-6563 VU#677427
http://www.kb.cert.org/vuls/id/677427
Enhancements:
None
----------
Firmware: 1.04b02_g7m9
Hardware: Rev.A1
Release Date: 2016/07/22
Problems Resolved:
1. Fixed send log as email.
Enhancements:
None
----------
Firmware: 1.03WWb01
Hardware: Rev.A1
Release Date: 2016/5/17
Problems Resolved:
1. Fixed the GUI display issue that sometimes "Click to repair" doesn't show up in home page.
2. Fixed the issue that Manual MTU setting doesn't in Static IP extender mode.
3. Fixed the incorrect description in GUI page.
4. Fixed the incorrect translation in GUI page while in extender mode.
5. Fixed the issue that WMM is set to disabled after the wizard installation of DIR-879.
6. Fixed the issue of Port Forwarding that sometimes disabling some rules causes other rules to be enabled
automatically.
7. Fixed the issue that in RU domain code, after resetting DIR-879, sometimes wired/wireless clients may not access
to INTERNET unless DIR-879 is rebooted manually.
8. Fixed the reported security issue.
9. Fixed the issue that WPS is performed in extender mode, all downlink wired or wireless clients will disconnect
from DIR-879 and DIR-879 also disconnects from uplink router.
10. Fixed the issue that when home user selects Deutsch in language list in login page, UI description still display in
English after log in DIR-879.
11. Fixed the issue that when home user set the IPv6 DNS setting manually, DIR-879, wired and wireless clients can't
get IPv6 address.
12. Fixed the LED behavior of DIR-879 in wireless extender mode:
[Bug]LED displays in solid white and the connection status in main page shows connected after DIR-879
disconnects from uplink router.
[Bug]After the timeout of WPS phase in downlink clients, LED still blinks in white.
[Bug]If home user changes the wireless band with uplink router, then LED cannot change to solid white.
[Bug]When the cable is detached from INTERNET port in DHCP mode, LED sometimes doesn't turn into
orange.
[Bug]When the cable is detached from INTERNET port and connected again in Static IP, LED will remains in
solid orange.
[Bug]In Static IP mode, LED turns into solid orange after home user changing and saving the IP setting of
DIR879 on GUI page.
13. Fixed the LED behavior in router mode:
After the timeout of WPS phase in downlink clients, LED doesn't turn into solid orange.
Enhancements:
1. Improved 2.4G wireless throughput.
2. Added wireless extender mode.
Known issues:
1. Send log as email not working. Will be fixed soon.
Firmware External Version V1.30
Firmware Internal Version: V1.30B08 [HOTFIX]
Date: 2022-10-12 14:50:37
Checksum CA81A558
Kernel linux 3.10.14 2022-10-12 14:50:37
Dual Image A:V1.30B08.B:V1.30B08.Current image:A.Primary image:A.
Firmware External Version V1.30
Firmware Internal Version: V1.30B08
Date: 2020-07-16 16:39:26
Checksum FBE43EF2
Kernel linux 3.10.14 2020-07-16 16:39:26
Firmware Externel Version V1.21
Firmware Internal Version: V1.21B01
Date: 2019-09-29 15:20:57
Checksum C232DE8F
Firmware Externel Version V1.12
Firmware Internal Version: V1.12B01
Date: 2018-08-14 20:10:03
Checksum CE6ED9F1
Firmware Query http://wrpd.dlink.com/router/firmware/query.aspx?model=DIR-878_Ax_Default2_FW_0112_283B824CFA96
Firmware Externel Version V1.10
Firmware Internal Version: V1.10B05
Date: 2018-02-03 19:44:57
Checksum F6340220
Firmware Query http://wrpd.dlink.com/router/firmware/query.aspx?model=DIR-878_Ax_Default2_FW_0110_283B824CFA96
Firmware Externel Version V1.02
Firmware Internal Version: V1.02B02
Date: 2017-10-12 20:22:25
Checksum 8B2462C5
Firmware Query http://wrpd.dlink.com/router/firmware/query.aspx?model=DIR-878_Ax_Default
Firmware Externel Version V1.01
Firmware Internal Version: V1.01B04
Date: 2017-07-19 21:15:29
Checksum 7743E712
Firmware Query http://wrpd.dlink.com/router/firmware/query.aspx?model=DIR-878_Ax_Default
HNAP Version 0202
WAN MAC: 00:00:00:00:00:44
LAN MAC 00:00:00:00:00:11
2.4GHZ WLAN MAC 00:00:00:00:00:22
5GHZ WLAN MAC 00:00:00:00:00:33
2.4GHz country code EU 1,2,3,4,5,6,7,8,9,10,11,12,13
5GHz country code EU 36,40,44,48
Firmware variant Default
2.4GHZ SSID dlink-0011
5GHZ SSID dlink-0011